It seems that no matter how many security technologies, network perimeters, and intrusion prevention safeguards are erected, the bad guys somehow find a means of entry.
Enter microsegmentation as a way to minimize the damage from successful perimeter breaches. The basic idea is to segment off parts of the network, especially the most sensitive parts, wall them off with stricter policies, and tie them into a zero-trust architecture.
Microsegmentation improves visibility into data flows and restricts access to applications and data based on approved identities and roles. This makes it far more difficult for cybercriminals to move laterally within a network. Restrictions can also be extended by location and device. Server-to-server, application-to-server, and web-to-server traffic is more closely monitored, with policies preventing all but vital communications between these network segments.
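The policy model described above can be sketched as a default-deny allow-list evaluated per flow. This is an added example, not taken from any product: the segment names, ports, roles, and sample flows are constructed assumptions.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Flow:                      # one observed connection attempt
    src: str                     # source segment
    dst: str                     # destination segment
    port: int
    role: str                    # identity/role of the caller
    location: str
    managed: bool                # device is a managed one

@dataclass(frozen=True)
class Rule:                      # one approved communication path
    path: tuple                  # (src segment, dst segment, port)
    roles: frozenset
    locations: frozenset = frozenset({"datacenter"})
    require_managed: bool = True

# Constructed allow-list: only the vital web -> app -> db path, plus DBA access.
RULES = [
    Rule(("web", "app", 8443), frozenset({"svc-web"})),
    Rule(("app", "db", 5432), frozenset({"svc-app"})),
    Rule(("admin", "db", 5432), frozenset({"dba"}), frozenset({"datacenter", "vpn"})),
]

def evaluate(flow, rules=RULES):
    """Default deny: return (allowed, reason) for one flow."""
    reason = "no rule for this segment path (default deny)"
    for r in rules:
        if r.path != (flow.src, flow.dst, flow.port):
            continue
        if flow.role not in r.roles:
            reason = "role not approved for this path"
        elif flow.location not in r.locations:
            reason = "location not permitted"
        elif r.require_managed and not flow.managed:
            reason = "unmanaged device"
        else:
            return True, "allowed"
    return False, reason

def denied(flows, rules=RULES):  # flows to log and alert on
    return [(f, why) for f in flows for ok, why in [evaluate(f, rules)] if not ok]

SAMPLE = [  # constructed sample flows
    Flow("web", "app", 8443, "svc-web", "datacenter", True),  # approved path
    Flow("web", "db", 5432, "svc-web", "datacenter", True),   # skips the app tier
    Flow("app", "db", 5432, "svc-web", "datacenter", True),   # wrong identity
    Flow("admin", "db", 5432, "dba", "vpn", False),           # unmanaged device
]
```

Calling `denied(SAMPLE)` returns the three flows that fall outside the approved paths, each with the reason it was blocked, which is the signal a defender would alert on as possible lateral movement.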